The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Tools & Methods Developed at the SEI

The SEI creates, tests, refines, and disseminates a broad range of technologies and management techniques. These techniques enable organizations to improve the results of software projects, the quality and behavior of software systems, and the security and survivability of networked systems. As an applied research and development center, the SEI brings immediate benefits to its research partners and long-term benefits to organizations that depend on software. The tools and methods developed by the SEI and its research partners are applied daily in organizations throughout the world.

Forges & Communities

Acquisition Support
We support acquisition managers and practitioners throughout the lifecycle, from the identification of user needs through sustainment. Acquisition Managers and practitioners can use our tools and methods to more effectively form acquisition strategy, more accurately estimate software costs, more fully profile software risks, and more realistically model sustainment investment.

Cybersecurity EngineeringWe address security, software assurance, and survivability throughout the development and acquisition lifecycles. Acquirers, managers, developers, and operators of large-scale, complex, networked systems can integrate our methods with existing practices to build security into software-reliant systems and our tools to gain greater confidence in the security of those systems.

Cyber Risk and Resilience ManagementUsing a resilience approach, organizations focus on managing risk to critical assets by optimizing both protection and continuity strategies. Managers use our tools and methods to determine the organization's capability to set resilience goals and targets, and develop plans to close identified gaps.

Digital Intelligence and InvestigationComputer forensics investigators in law enforcement and other sectors can use our tools to develop incident response capabilities and facilitate their investigations.

Insider ThreatA cybersecurity insider threat is a person who intentionally misuses or exceeds authorized access to an organization's network, system, or data in a way that negatively affects the organization's information or information systems. Security officers use our insider threat test datasets to model malicious activity.

Measurement & AnalysisProject, process, program and enterprise results shape the fulfillment of an organization’s mission. We provide qualitative and quantitative tools and methods to measure and analyze results in order to root out inefficiencies and improve outcomes.

Performance & DependabilitySystem engineers must deliver increasingly complex software systems that provide more functionality while consuming less power and costing less to develop and operate. Our tools build on the SEI’s architecture-centric, model-based approach to support repeated analysis early in and throughout the development life cycle.

Risk ManagementMission risk analysis is based on a holistic, system-theory view of risk for interactively complex, distributed, socio-technical systems. Managers of these complex systems can use our tools to change the risk management paradigm from a traditional (a focus on threats) to the mission risk analysis (a focus on drivers for success) approach.

Secure CodingIn this area, our work aims to reduce the number of vulnerabilities by preventing coding errors or discovering and eliminating security flaws during implementation and testing. Software developers and project managers can use our freely available tools to perform static analysis on code and validate code against ruled defined by ISO/IEC TS 17961.

Smart Grid
The smart grid concept is a combination of technology and practices that is transforming power grids around the world. Electric utility organization managers can use our smart grid tools to inform their utility’s vision for smart grid transformation, chart its progress toward implementation, and strengthen cybersecurity capabilities.

Software ArchitectureOur two decades of work in software architecture has shown that building or choosing the right software architecture paves the way for system success. Software architects and project managers can use
our tools and methods to establish requirements, define an architecture intended to satisfy requirements, evaluate and improve an architecture, document an architecture, and analyze an architecture for system safety-, security-, and performance-critical behaviors.

Software Product Lines
Organizations using software product lines have realized order-of-magnitude improvements in time to market, cost, productivity, quality, and other business drivers. Our tools help management combine the business and technical approaches necessary to adopt a software product lines approach as a dependable low-risk high-payoff practice.

System of SystemsAchieving interoperability in systems of systems brings a set of challenges that differ from those of traditional development. We offer tools and methods to facilitate the interoperation of independently evolving systems of systems.

Vulnerability AnalysisOur work helps software developers and project managers understand how vulnerabilities are created. They can use of our open source tools to find vulnerabilities and eliminate them before deploying the software.